Identity Crime FAQ for Businesses

Identity crimes are not limited to individuals. Businesses are increasingly targeted by criminals who see value in stealing corporate data and credentials. From fraudulent loans to fake vendor invoices, the impact of business identity theft can be devastating. Unfortunately, many business owners don’t realize how much information about their organization is publicly available, or how vulnerable their employees and systems may be, until after a crime has occurred.

The Identity Theft Resource Center (ITRC) works closely with organizations of all sizes to raise awareness, reduce risks and provide recovery support. Below, we address some of the most common questions business owners have about identity crimes, the information criminals seek, how they obtain it and what steps businesses can take to protect themselves.

What Information Do Criminals Want From Businesses?

Much like personal identity theft, business identity theft revolves around stealing sensitive information to commit fraud. Criminals target data that allows them to impersonate the business or its leaders, open fraudulent accounts or exploit financial relationships. The most sought-after information includes:

• Owner/officer’s name and personal information – Criminals may use an executive’s personal identity details to impersonate them or to create fake identities.
• Employer Identification Number (EIN) – Similar to a Social Security number for individuals, an EIN can be used to apply for loans, open accounts or file fraudulent tax returns.
• Business legal name and address – These are often public but can still be leveraged for scams, such as changing business records or filing false documents.
• Employee information – Personal data on staff can be exploited in payroll diversion scams or unemployment fraud.
• Customer information – Criminals may use customer records for phishing, identity theft or account takeover attacks.
• Vendor information – Data about suppliers or partners can be used to impersonate vendors, send fraudulent invoices or reroute payments.
• Account credentials – Login details for email, banking or business applications are highly valuable to attackers. Once inside your systems, they can access financial records, customer data and other sensitive files.

How Do Criminals Steal Business Information?

Business identity theft does not always involve a sophisticated hack. Criminals often combine publicly available information with opportunistic tactics to gain access. Common methods include:

Public records

Business registration filings and other state or federal records often list owner names, addresses and other identifying details. Criminals may use this information to impersonate business leaders or alter official filings.

Cyberattacks

Cyberattacks involve hackers damaging or destroying a computer network or system. One common example is phishing emails. These fraudulent emails trick employees into clicking malicious links, sharing credentials or transferring funds.

Unsecured databases, unpatched software or malware leave businesses vulnerable to virtual attacks, such as installing malicious software or exfiltrating important data.

Vendors

Even if your own systems are secure, third-party partners may be more vulnerable. Criminals often exploit weaker vendors to infiltrate larger organizations through shared accounts or fraudulent invoices.

Unsecured Documents and Devices

Laptops, smartphones and hard drives without encryption can provide criminals with all the data they need. Even paper documents left unsecured can be stolen and misused.

How Do I Know If My Business Has Been Targeted?

Identity crimes against businesses can be difficult to detect until financial damage occurs. Red flags include:

• Unfamiliar charges, invoices or credit activity in the business name.
  
• Notices from the IRS about unpaid taxes, duplicate filings or benefits your business never applied for.
  
• Customers or vendors reporting suspicious emails or invoices that appear to come from your business.
  
• Unexpected denials of credit or loan applications.
  
• Unauthorized changes to business registration records.

Regular monitoring of financial and public records is essential to catch these issues early.

What Are the Risks If My Business Becomes a Victim of Identity Theft?

The consequences of business identity theft extend far beyond financial loss:

• Direct financial harm – Fraudulent loans, stolen funds and unauthorized transactions can drain accounts.
  
• Reputational damage – Customers, vendors and employees may lose trust if their data is compromised.
  
• Operational disruption – Time and resources spent resolving fraud divert attention from core business operations.
  
• Regulatory and legal consequences – Businesses may face fines or lawsuits if they fail to safeguard customer or employee data.

In some cases, small businesses never fully recover from a serious identity crime.

How Can Businesses Protect Themselves from Identity Crimes?

While no system is completely immune, safeguards dramatically reduce the likelihood and impact of business identity theft. Here are the best practices every business should adopt:

Monitor for Suspicious Activity

• Review business credit reports regularly.
  
• Check public records and business registration filings for unauthorized changes.
  
• Reconcile bank statements and invoices promptly to identify anomalies.

Secure Physical and Electronic Records

• Store sensitive paper records in locked cabinets or rooms.
  
• Use shredders or professional destruction services for document disposal.
  
• Ensure laptops, tablets and phones are encrypted and protected with strong passcodes.

Protect Electronic Data

• Data minimization: Only collect and retain the data you truly need.
  
• Password hygiene: Use strong, unique passwords and implement multi-factor authentication.
  
• Software updates: Keep systems, applications and antivirus software current to close security gaps.

Stay Informed About Emerging Threats

• Train employees to recognize phishing and social engineering tactics.
  
• Share regular security updates across teams.
  
• Subscribe to alerts from trusted sources like the Federal Trade Commission, state agencies or the ITRC.

What Should I Do If My Business Falls Victim to Identity Theft?

If you suspect or confirm that your business has been compromised:

1. Document everything. Keep detailed records of suspicious activity, fraudulent charges and any communications.
   
2. Contact affected parties. Notify banks, vendors and customers about fraudulent activity to prevent further losses.
   
3. Report the incident. File a report with local law enforcement and the Federal Trade Commission. Many states also require reports to the Secretary of State if business filings are affected.
   
4. Place fraud alerts. Contact credit bureaus to flag your business credit file.
   
5. Seek expert help. The ITRC offers confidential assistance to businesses dealing with identity crimes.

Why Should Businesses Work With the ITRC?

The Identity Theft Resource Center is a nonprofit organization dedicated to minimizing the risk and impact of identity crimes. For businesses, this means:

• Reliable guidance: ITRC advisors provide one-on-one support to help identify risks and navigate recovery.
  
• Educational resources: Access webinars, alerts and best practices tailored to business owners.
  
• Recovery assistance: Step-by-step help in reporting incidents, restoring accounts and preventing future attacks.

With cybercriminals becoming more sophisticated, business owners should not face identity crimes alone. The ITRC provides trusted, unbiased expertise to help organizations protect themselves and their stakeholders.

Final Thoughts

Business identity crimes are a growing threat in today’s digital economy. Criminals know that businesses hold valuable information about themselves, their employees, customers and vendors. Whether through phishing, data breaches or exploiting public records, attackers are constantly seeking new ways to profit from stolen data.

The good news is that with vigilance, security best practices and support from organizations like the ITRC, businesses can significantly reduce their risk. If you suspect identity theft or simply want to strengthen your defenses, don’t wait until it’s too late. Contact our team today for more information.